As the United States struggles to oust China from its telecommunications networks, outgoing Federal Communications Commission Democratic Chairwoman Jessica Rosenworcel said it is critical that her Republican successor maintain strong oversight of the telecom industry.
The government remains troubled by China’s “Salt Typhoon” hacking campaign that infiltrated at least nine U.S. telecommunications companies, giving China access to Americans’ phone calls and text messages and wiretapping systems used by law enforcement. . The operation exploited the US carrier’s surprisingly poor cybersecurity, including AT&T administrator accounts that lacked basic security protections.
To prevent a repeat of the unprecedented telecommunications intrusion, Rosenworcel used the final years of his FCC leadership to propose new cybersecurity requirements for telecommunications carriers. On Thursday, the committee narrowly voted to approve her proposal. But those rules face a bleak future as President-elect Donald Trump prepares to take office and hands control of the FCC to Commissioner Brendan Carr, a Trump ally who voted against Rosenworsell’s regulatory plan.
In an interview just days before Trump’s inauguration, Rosenworcel was adamant that regulation is part of the answer to America’s communications security crisis. And she has a resounding message for Republicans who think the solution is to let telecommunications companies police themselves.
“We are grappling with what has been described as the worst communications hack in our country’s history,” she says. “You either take serious action or you don’t.”
“The right thing to do”
Rosenworcel’s plan consists of two stages. First, the FCC formally declared that the Communications Assistance for Law Enforcement Act (CALEA) of 1994, which requires telecommunications companies to design their telephone and Internet systems to comply with wiretapping, must also implement basic cyber defenses to prevent tampering. Next, the FCC proposed requiring the broader range of companies regulated by the commission to develop detailed cyber risk management plans and certify their implementation annually.
The outgoing chairman describes the rule as a common-sense response to destructive attacks.
“It will be shocking to most consumers that in the United States in 2025, there will be no minimum cybersecurity standards on our networks,” Rosenworcel says. “We are asking carriers to develop plans and ensure they are in compliance with those plans. “It’s the right thing to do.”
Without these standards, “our networks will lack the protection they need from nation-state threats like this in the future,” she adds.
But Republicans are unlikely to embrace new regulations for telecommunications networks. The powerful telecommunications industry tends to strongly oppose new regulations, and Republican lawmakers almost always side with the industry in these debates.
Texas Republican Sen. Ted Cruz, who currently chairs the Commerce Committee, called Rosenworcel’s plan “at best a Band-Aid and at worst a cover-up for serious blind spots” during a December hearing.
Carr, who last month called Salt Typhoon “very concerning,” joined fellow Republican committee member Nathan Simington in voting against Rosenworcel’s proposal. Carr’s office did not respond to a request for comment on the new regulations. But he has repeatedly criticized Rosenworcel’s approach to enforcing rules for the telecommunications industry, accusing her of going too far and warning that the FCC must rein in itself or face backlash from the courts.
